I found this tutorial on how getting Idle time of the user Idle Time.
The problem is that it will only work if the application runs on the user.
And my application runs on SYSTEM.
How can I get the idle time? or if PC is idle?
Asked
Active
Viewed 8,571 times
11
-
4Because of the variety of services run under SYSTEM it is rarely actually "IDLE" so that this number is almost certainly zero. Can you give us a better idea of what you want to do with this number? What is your larger goal? – Cos Callis Jun 27 '11 at 14:35
-
2I guess the larger goal is seeing idleness of connected mouse and keyboard devices. – Akku Jun 27 '11 at 14:46
-
1If you're wanting to get the idle time for the logged in user, you should be aware that there's no such thing in modern Windows with Fast User Switching or Terminal Services (there can me multiple logged in users). – Damien_The_Unbeliever Jun 27 '11 at 14:47
3 Answers
6
I know this answer has already been accepted but I just wanted to add this in case people wanted to do the same thing in a Terminal Services enviroment.
Cassia is a open source library that puts .NET wrappers around the Windows Terminal Services API. I have used it for my server management and it works really well. You can get the idle time for any session by calling ITerminalServicesSession.LastInputTime
Scott Chamberlain
- 124,994
- 33
- 282
- 431
3
As I understood, you are okay with the result of GetLastInputInfo function. Thus I would suggest the following.
Now, suppose you have executable A that runs under Local System account. Create executable B that will gather relevant system information (with the help of GetLastInputInfo). Next, run executable B from executable A using this class which uses CreateProcessAsUser function with the logged user token (unfortunately I was unable to find stackoverflow question in which it was published):
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Helpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public uint dwProcessId;
public uint dwThreadId;
}
[StructLayout(LayoutKind.Sequential)]
internal struct SECURITY_ATTRIBUTES
{
public uint nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle;
}
[StructLayout(LayoutKind.Sequential)]
public struct STARTUPINFO
{
public uint cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public uint dwX;
public uint dwY;
public uint dwXSize;
public uint dwYSize;
public uint dwXCountChars;
public uint dwYCountChars;
public uint dwFillAttribute;
public uint dwFlags;
public short wShowWindow;
public short cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
internal enum SECURITY_IMPERSONATION_LEVEL
{
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
}
internal enum TOKEN_TYPE
{
TokenPrimary = 1,
TokenImpersonation
}
public class ImpersonateProcessAsLoggedUser
{
private const short SW_SHOW = 5;
private const uint TOKEN_QUERY = 0x0008;
private const uint TOKEN_DUPLICATE = 0x0002;
private const uint TOKEN_ASSIGN_PRIMARY = 0x0001;
private const int GENERIC_ALL_ACCESS = 0x10000000;
private const int STARTF_USESHOWWINDOW = 0x00000001;
private const int STARTF_FORCEONFEEDBACK = 0x00000040;
private const uint CREATE_UNICODE_ENVIRONMENT = 0x00000400;
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool CreateProcessAsUser(
IntPtr hToken,
string lpApplicationName,
string lpCommandLine,
ref SECURITY_ATTRIBUTES lpProcessAttributes,
ref SECURITY_ATTRIBUTES lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
string lpCurrentDirectory,
ref STARTUPINFO lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("advapi32.dll", EntryPoint = "DuplicateTokenEx", SetLastError = true)]
private static extern bool DuplicateTokenEx(
IntPtr hExistingToken,
uint dwDesiredAccess,
ref SECURITY_ATTRIBUTES lpThreadAttributes,
Int32 ImpersonationLevel,
Int32 dwTokenType,
ref IntPtr phNewToken);
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool OpenProcessToken(
IntPtr ProcessHandle,
UInt32 DesiredAccess,
ref IntPtr TokenHandle);
[DllImport("userenv.dll", SetLastError = true)]
private static extern bool CreateEnvironmentBlock(
ref IntPtr lpEnvironment,
IntPtr hToken,
bool bInherit);
[DllImport("userenv.dll", SetLastError = true)]
private static extern bool DestroyEnvironmentBlock(
IntPtr lpEnvironment);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool CloseHandle(
IntPtr hObject);
private static bool LaunchProcessAsUser(string cmdLine, IntPtr token, IntPtr envBlock)
{
bool result = false;
var pi = new PROCESS_INFORMATION();
var saProcess = new SECURITY_ATTRIBUTES();
var saThread = new SECURITY_ATTRIBUTES();
saProcess.nLength = (uint) Marshal.SizeOf(saProcess);
saThread.nLength = (uint) Marshal.SizeOf(saThread);
var si = new STARTUPINFO();
si.cb = (uint) Marshal.SizeOf(si);
//if this member is NULL, the new process inherits the desktop
//and window station of its parent process. If this member is
//an empty string, the process does not inherit the desktop and
//window station of its parent process; instead, the system
//determines if a new desktop and window station need to be created.
//If the impersonated user already has a desktop, the system uses the
//existing desktop.
si.lpDesktop = @"WinSta0\Default"; //Modify as needed
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_FORCEONFEEDBACK;
si.wShowWindow = SW_SHOW;
//Set other si properties as required.
result = CreateProcessAsUser(
token,
null,
cmdLine,
ref saProcess,
ref saThread,
false,
CREATE_UNICODE_ENVIRONMENT,
envBlock,
null,
ref si,
out pi);
if (result == false)
{
int error = Marshal.GetLastWin32Error();
string message = String.Format("CreateProcessAsUser Error: {0}", error);
Debug.WriteLine(message);
}
return result;
}
private static IntPtr GetPrimaryToken(int processId)
{
IntPtr token = IntPtr.Zero;
IntPtr primaryToken = IntPtr.Zero;
bool retVal = false;
Process p = null;
try
{
p = Process.GetProcessById(processId);
}
catch (ArgumentException)
{
string details = String.Format("ProcessID {0} Not Available", processId);
Debug.WriteLine(details);
throw;
}
//Gets impersonation token
retVal = OpenProcessToken(p.Handle, TOKEN_DUPLICATE, ref token);
if (retVal)
{
var sa = new SECURITY_ATTRIBUTES();
sa.nLength = (uint) Marshal.SizeOf(sa);
//Convert the impersonation token into Primary token
retVal = DuplicateTokenEx(
token,
TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY,
ref sa,
(int) SECURITY_IMPERSONATION_LEVEL.SecurityIdentification,
(int) TOKEN_TYPE.TokenPrimary,
ref primaryToken);
//Close the Token that was previously opened.
CloseHandle(token);
if (retVal == false)
{
string message = String.Format("DuplicateTokenEx Error: {0}", Marshal.GetLastWin32Error());
Debug.WriteLine(message);
}
}
else
{
string message = String.Format("OpenProcessToken Error: {0}", Marshal.GetLastWin32Error());
Debug.WriteLine(message);
}
//We'll Close this token after it is used.
return primaryToken;
}
private static IntPtr GetEnvironmentBlock(IntPtr token)
{
IntPtr envBlock = IntPtr.Zero;
bool retVal = CreateEnvironmentBlock(ref envBlock, token, false);
if (retVal == false)
{
//Environment Block, things like common paths to My Documents etc.
//Will not be created if "false"
//It should not adversley affect CreateProcessAsUser.
string message = String.Format("CreateEnvironmentBlock Error: {0}", Marshal.GetLastWin32Error());
Debug.WriteLine(message);
}
return envBlock;
}
public static bool Launch(string appCmdLine /*,int processId*/)
{
bool ret = false;
//Either specify the processID explicitly
//Or try to get it from a process owned by the user.
//In this case assuming there is only one explorer.exe
Process[] ps = Process.GetProcessesByName("explorer");
int processId = -1; //=processId
if (ps.Length > 0)
{
processId = ps[0].Id;
}
if (processId > 1)
{
IntPtr token = GetPrimaryToken(processId);
if (token != IntPtr.Zero)
{
IntPtr envBlock = GetEnvironmentBlock(token);
ret = LaunchProcessAsUser(appCmdLine, token, envBlock);
if (envBlock != IntPtr.Zero)
DestroyEnvironmentBlock(envBlock);
CloseHandle(token);
}
}
return ret;
}
}
}
Next, you need to find a way for sending gathered information from executable B to executable A. There are numerous methods to do this. One of those is .Net Remoting. However you can go with creating an intermediate XML or even text file.
Maybe it is not the best way to solve your problem, but if you will need more Local System <-> Logged User interactions, you have a pattern to follow.
ReVolly
- 126
- 8
-
Well, the point is that the executable B will be running in the current user context. That is why GetLastInputInfo should return stats for that particular user. This class is now working in my system which consists of Windows Service that runs under Local System account and executable that injects in the logged user context from this service. The communication channel is .Net Remoting. Take a look at the Launch method and this particular line: IntPtr token = GetPrimaryToken(processId); UPD: Wow, what am I replying to? :-) – ReVolly Jun 27 '11 at 15:37
-
sorry about that I had looked more closely at the code and realized what you were doing, your description did not make that aspect of the solution clear. However, I doubt this will work very effectively in a Terminal Service environment, because you would not know which session you are actually communicating with, of course that might be an acceptable limitation depending on the use case scenario, so I am just pointing this out as an FYI. – Chris Taylor Jun 27 '11 at 15:53
-
Thanks, Chris. Sorry about description, I am not really good in English. I have not tried the code in Terminal Service environment, but in my case it worked like a charm. Actually, the only reason why proposed solution may not work in your scenario is wrong explorer token. This case require some additional investigation. – ReVolly Jun 27 '11 at 16:03
-
@Virtuality Hey, what you think is the best way to communicate between Windows Service (runs on SYSTEM) & Normal Process (runs on CURRENT USER). btw your code is awsome ! does it work in all platforms ? (XP/Vista/7)? – Danpe Jul 03 '11 at 20:52
-
@Danpe Well, thanks, but it's not mine, I found it somewhere on the StackOverflow. As I know, it works on XP/Vista/7 without a problem. When I started those project I mentioned I was using .Net Remoting, however not sure this is the best option now. If you're developing on .NET 4, depending on what are your requirements, I would suggest to look at 1) WCF (tcp or named pipe endpoints), 2) NamedPipes (.NET 4 has native support as I know). Of course, these are only some of the options. – ReVolly Jul 04 '11 at 16:53
2
The recommended approach for doing something like this is to have a separate application running which communicates the user session data to the service. You can configure the application at the start of the user session by adding it to the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
You can read more details on this approach in the following KB Article
Chris Taylor
- 52,623
- 10
- 78
- 89